On-demand content filtering of snapshots within a storage system

ABSTRACT

On-demand content filtering of snapshots within a storage system, including: associating an access policy with a snapshot, the access policy specifying a transformation to apply to a predefined data object; receiving a first request to access a portion of the snapshot; and responsive to receiving the first request: creating a transformed snapshot portion by applying the transformation specified in the access policy to one or more data objects contained within the portion of the snapshot; and presenting the transformed snapshot portion.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 sets forth a block diagram of a storage system configured for on-demand content filtering of snapshots within a storage system according to some embodiments of the present disclosure.

FIG. 2 sets forth a block diagram of a storage array controller useful in on-demand content filtering of snapshots within a storage system according to some embodiments of the present disclosure.

FIG. 3 sets forth a block diagram of a storage system configured for on-demand content filtering of snapshots within a storage system according to some embodiments of the present disclosure.

FIG. 4 sets forth a flow chart illustrating an example method for on-demand content filtering of snapshots within a storage system according to some embodiments of the present disclosure.

FIG. 5 sets forth a flow chart illustrating an additional example method for on-demand content filtering of snapshots within a storage system according to some embodiments of the present disclosure.

FIG. 6 sets forth a flow chart illustrating an additional example method for on-demand content filtering of snapshots within a storage system according to some embodiments of the present disclosure.

FIG. 7 sets forth a flow chart illustrating an additional example method for on-demand content filtering of snapshots within a storage system according to some embodiments of the present disclosure.

FIG. 8 sets forth a flow chart illustrating an additional example method for on-demand content filtering of snapshots within a storage system according to some embodiments of the present disclosure.

FIG. 9 sets forth a flow chart illustrating an additional example method for on-demand content filtering of snapshots within a storage system according to some embodiments of the present disclosure.

FIG. 10 illustrates a perspective view of a storage cluster with multiple storage nodes and internal solid-state memory coupled to each storage node to provide network attached storage or storage area network in accordance with some embodiments of the present disclosure.

FIG. 11 illustrates a block diagram showing a communications interconnect and power distribution bus coupling multiple storage nodes according to some embodiments of the present disclosure.

FIG. 12 is a multiple level block diagram, showing contents of a storage node and contents of a non-volatile solid state storage of the storage node according to some embodiments of the present disclosure.

FIG. 13 illustrates a storage server environment, which may utilize embodiments of the storage nodes and storage units according to some embodiments of the present disclosure.

FIG. 14 illustrates a blade hardware block diagram according to some embodiments of the present disclosure.

DESCRIPTION OF EMBODIMENTS

Example methods, apparatus, and products for on-demand content filtering of snapshots within a storage system in accordance with the present disclosure are described with reference to the accompanying drawings, beginning with FIG. 1. FIG. 1 sets forth a block diagram of a storage system (100) configured for on-demand content filtering of snapshots according to some embodiments of the present disclosure.

The storage system (100) depicted in FIG. 1 includes a plurality of storage arrays (102, 104), although on-demand content filtering of snapshots within a storage system in accordance with embodiments of the present disclosure may be carried out in storage systems that include only a single storage array. Each storage array (102, 104) may be embodied as a collection of computer hardware devices that provide persistent data storage to users of the storage system (100). Each storage array (102, 104) may include a collection of data storage devices that are mounted within one or more chassis, racks, or other enclosure. Although not expressly depicted in FIG. 1, each storage array (102, 104) may include a plurality of power supplies that deliver power to one or more components within the storage system (100) via a power bus, each storage array (102, 104) may include a plurality of data communications networks that enables one or more components within the storage system (100) to communicates, each storage array (102, 104) may include a plurality of cooling components that are used to cool one or more components within the storage system (100), and so on.

The example storage arrays (102, 104) depicted in FIG. 1 may provide persistent data storage for computing devices (164, 166, 168, 170) that are coupled to the storage system (100) via one or more data communications networks. Each of the computing devices (164, 166, 168, 170) depicted in FIG. 1 may be embodied, for example, as a server, a workstation, a personal computer, a notebook, a smartphone, a tablet computer, or the like. The computing devices (164, 166, 168, 170) in the example of FIG. 1 are coupled for data communications to the storage arrays (102, 104) through a storage area network (‘SAN’) (158). The SAN (158) may be implemented with a variety of data communications fabrics, devices, and protocols. Example fabrics for such a SAN (158) may include Fibre Channel, Ethernet, Infiniband, Serial Attached Small Computer System Interface (‘SAS’), and the like. Example data communications protocols for use in such a SAN (158) may include Advanced Technology Attachment (‘ATA’), Fibre Channel Protocol, SCSI, iSCSI, HyperSCSI, and others. Readers will appreciate that a SAN is just one among many possible data communications couplings which may be implemented between a computing device (164, 166, 168, 170) and a storage array (102, 104). For example, the storage devices (146, 150) within the storage arrays (102, 104) may also be coupled to the computing devices (164, 166, 168, 170) as network attached storage (‘NAS’) capable of facilitating file-level access, or even using a SAN-NAS hybrid that offers both file-level protocols and block-level protocols from the same system. Any other such data communications coupling is well within the scope of embodiments of the present disclosure.

The computing devices (164, 166, 168, 170) depicted in FIG. 1 are also coupled for data communications to the storage arrays (102, 104) through a local area network (160) (‘LAN’). The LAN (160) of FIG. 1 may also be implemented with a variety of fabrics and protocols. Examples of such fabrics include Ethernet (802.3), wireless (802.11), and the like. Examples of such data communications protocols include Transmission Control Protocol (‘TCP’), User Datagram Protocol (‘UDP’), Internet Protocol (‘IP’), HyperText Transfer Protocol (‘HTTP’), Wireless Access Protocol (‘WAP’), Handheld Device Transport Protocol (‘HDTP’), Real Time Protocol (‘RTP’) and others as will occur to those of skill in the art. The LAN (160) depicted in FIG. 1 may be coupled to other computing devices not illustrated in FIG. 1, for example, via the Internet (172). Although only one storage array (104) is expressly depicted as being coupled to the computing devices (164, 166, 168, 170) via the LAN (160), readers will appreciate that other storage arrays (102) in the storage system (100) may also be coupled to the computing devices (164, 166, 168, 170) via the same LAN (160) or via a different LAN.

Each storage array (102, 104) depicted in FIG. 1 includes a plurality of storage array controllers (106, 112, 118, 120). Each storage array controller (106, 112, 118, 120) may be embodied as a module of automated computing machinery comprising computer hardware, computer software, or a combination of computer hardware and software. Each storage array controller (106, 112, 118, 120) may be configured to carry out various storage-related tasks such as, for example, writing data received from the one or more of the computing devices (164, 166, 168, 170) to storage, erasing data from storage, retrieving data from storage to provide the data to one or more of the computing devices (164, 166, 168, 170), monitoring and reporting of disk utilization and performance, performing RAID (Redundant Array of Independent Drives) or RAID-like data redundancy operations, compressing data, encrypting data, and so on.

Each storage array controller (106, 112, 118, 120) may be implemented in a variety of ways, including as a Field Programmable Gate Array (‘FPGA’), a Programmable Logic Chip (‘PLC’), an Application Specific Integrated Circuit (‘ASIC’), or computing device that includes discrete components such as a central processing unit, computer memory, and various adapters. Each storage array controller (106, 112, 118, 120) may include, for example, a data communications adapter configured to support communications via the SAN (158) and the LAN (160). Although only one of the storage array controllers (120) in the example of FIG. 1 is depicted as being coupled to the LAN (160) for data communications, readers will appreciate that each storage array controller (106, 112, 118, 120) may be independently coupled to the LAN (160). Each storage array controller (106, 112, 118, 120) may also include, for example, an I/O controller or the like that couples the storage array controller (106, 112, 118, 120) for data communications, through a midplane (114, 116), to a number of storage devices (146, 150), and a number of write buffer devices (148, 152) that are utilized as write caches.

In the example depicted in FIG. 1, the presence of multiple storage array controllers (106, 112, 118, 120) in each storage array (102, 104) can enable each storage array (102, 104) to be highly available as there are independent, redundant storage array controllers (106, 112, 118, 120) that are capable of servicing access requests (e.g., reads, writes) to the storage arrays (102, 104). In some embodiments, each storage array controller (106, 112, 118, 120) in a particular storage array (102, 104) may appear to be active to the computing devices (164, 166, 168, 170) as each storage array controller (106, 112, 118, 120) may be available for receiving requests to access the storage array (102, 104) from the computing devices (164, 166, 168, 170) via the SAN (158) or LAN (160). Although each storage array controller (106, 112, 118, 120) in a particular storage array (102, 104) may appear to be active to the computing devices (164, 166, 168, 170), in some embodiments only one storage array controller (106, 112, 118, 120) may actively be allowed to direct access requests to the storage devices (146, 150) or write buffer devices (148, 152). For ease of explanation, a storage array controller that is allowed to direct access requests to the storage devices (146, 150) or write buffer devices (148, 152) may be referred to herein as an ‘active’ storage array controller whereas a storage array controller that is not allowed to direct access requests to the storage devices (146, 150) or write buffer devices (148, 152) may be referred to herein as a ‘passive’ storage array controller. Readers will appreciate that because a passive storage array controller may still receive requests to access the storage array (102, 104) from the computing devices (164, 166, 168, 170) via the SAN (158) or LAN (160), the passive storage array controller may be configured to forward any access requests received by the passive storage array controller to the active storage array controller.

Consider an example in which a first storage array controller (106) in a first storage array (102) is the active storage array controller that is allowed to direct access requests to the storage devices (146) or write buffer devices (148) within the first storage array (102), while a second storage array controller (118) in the first storage array (102) is the passive storage array controller that is not allowed to direct access requests to the storage devices (146) or write buffer devices (148) within the first storage array (102). In such an example, the second storage array controller (118) may continue to receive access requests from the computing devices (164, 166, 168, 170) via the SAN (158) or LAN (160). Upon receiving access requests from the computing devices (164, 166, 168, 170), the second storage array controller (118) may be configured to forward such access requests to the first storage array controller (106) via a communications link between the first storage array controller (106) and the second storage array controller (118). Readers will appreciate that such an embodiment may reduce the amount of coordination that must occur between the first storage array controller (106) and the second storage array controller (118) relative to an embodiment where both storage array controllers (106, 118) are allowed to simultaneously modify the contents of the storage devices (146) or write buffer devices (148).

Although the example described above refers to an embodiment where the first storage array controller (106) is the active storage array controller while the second storage array controller (118) is the passive storage array controller, over time such designations may switch back and forth. For example, an expected or unexpected event may occur that results in a situation where the first storage array controller (106) is the passive storage array controller while the second storage array controller (118) is the active storage array controller. An example of an unexpected event that could cause a change in the roles of each storage array controller (106, 118) is the occurrence of a failure or error condition with the first storage array controller (106) that causes the storage array (102) to fail over to the second storage array controller (118). An example of an expected event that could cause a change in the roles of each storage array controller (106, 118) is the expiration of a predetermined period of time, as the first storage array controller (106) may be responsible for interacting with the storage devices (146) and the write buffer devices (148) during a first time period while the second storage array controller (118) may be responsible for interacting with the storage devices (146) and the write buffer devices (148) during a second time period. Readers will appreciate that although the preceding paragraphs describe active and passive storage array controllers with reference to the first storage array (102), the storage array controllers (112, 120) that are part of other storage arrays (104) in the storage system (100) may operate in a similar manner.

Each storage array (102, 104) depicted in FIG. 1 includes one or more write buffer devices (148, 152). Each write buffer device (148, 152) may be configured to receive, from the one of the storage array controller (106, 112, 118, 120), data to be stored in one or more of the storage devices (146, 150). In the example of FIG. 1, writing data to the write buffer device (148, 152) may be carried out more quickly than writing data to the storage device (146, 150). The storage array controllers (106, 112, 118, 120) may therefore be configured to effectively utilize the write buffer devices (148, 152) as a quickly accessible buffer for data destined to be written to one or the storage devices (146, 150). By utilizing the write buffer devices (148, 152) in such a way, the write latency experienced by users of the storage system (100) may be significantly improved relative to storage systems that do not include such write buffer devices (148, 152). The write latency experienced by users of the storage system (100) may be significantly improved relative to storage systems that do not include such write buffer devices (148, 152) because the storage array controllers (106, 112, 118, 120) may send an acknowledgment to the user of the storage system (100) indicating that a write request has been serviced once the data associated with the write request has been written to one or the write buffer devices (148, 152), even if the data associated with the write request has not yet been written to any of the storage devices (146, 150).

The presence of the write buffer devices (148, 152) may also improve the utilization of the storage devices (146, 150) as a storage array controller (106, 112, 118, 120) can accumulate more writes and organize writing to the storage devices (146, 150) for greater efficiency. Greater efficiency can be achieved, for example, as the storage array controller (106, 112, 118, 120) may have more time to perform deeper compression of the data, the storage array controller (106, 112, 118, 120) may be able to organize the data into write blocks that are in better alignment with the underlying physical storage on the storage devices (146, 150), the storage array controller (106, 112, 118, 120) may be able to perform deduplication operations on the data, and so on. Such write buffer devices (148, 152) effectively convert storage arrays of solid-state drives (e.g., “Flash drives”) from latency limited devices to throughput limited devices. In such a way, the storage array controller (106, 112, 118, 120) may be given more time to better organize what is written to the storage devices (146, 150), but after doing so, are not then mechanically limited like disk-based arrays are.

Each storage array (102, 104) depicted in FIG. 1 includes one or more storage devices (146, 150). A ‘storage device’ as the term is used in this specification refers to any device configured to record data persistently. The term ‘persistently’ as used here refers to a device's ability to maintain recorded data after loss of a power source. Examples of storage devices may include mechanical, spinning hard disk drives, solid-state drives, and the like.

The storage array controllers (106, 112) of FIG. 1 may be useful in on-demand content filtering of snapshots within a storage system according to some embodiments of the present disclosure. The storage array controllers (106, 112) may assist in on-demand content filtering of snapshots within a storage system by: associating an access policy with a snapshot, the access policy specifying a transformation to apply to a predefined data object; receiving a first request to access a portion of the snapshot; and responsive to receiving the first request: creating a transformed snapshot portion by applying the transformation specified in the access policy to one or more data objects contained within the portion of the snapshot; presenting the transformed snapshot portion; and performing at least all of the steps depicted in the flow charts that will be described in greater detail below. The arrangement of computing devices, storage arrays, networks, and other devices making up the example system illustrated in FIG. 1 are for explanation, not for limitation. Systems useful according to various embodiments of the present disclosure may include different configurations of servers, routers, switches, computing devices, and network architectures, not shown in FIG. 1, as will occur to those of skill in the art.

On-demand content filtering of snapshots within a storage system in accordance with embodiments of the present disclosure is generally implemented with computers. In the system of FIG. 1, for example, all the computing devices (164, 166, 168, 170) and storage controllers (106, 112, 118, 120) may be implemented to some extent at least as computers. For further explanation, therefore, FIG. 2 sets forth a block diagram of a storage array controller (202) useful in on-demand content filtering of snapshots within a storage system according to some embodiments of the present disclosure.

The storage array controller (202) of FIG. 2 may be similar to the storage array controllers depicted in FIG. 1, as the storage array controller (202) of FIG. 2 is communicatively coupled, via a midplane (206), to one or more storage devices (212) and to one or more write buffer devices (214) that are included as part of a storage array (216). The storage array controller (202) may be coupled to the midplane (206) via one or more data communications links (204) and the midplane (206) may be coupled to the storage devices (212) and the memory buffer devices (214) via one or more data communications links (208, 210). The data communications links (204, 208, 210) of FIG. 2 may be embodied, for example, as Peripheral Component Interconnect Express (‘PCIe’) bus. Although only one of the storage array controllers (202) is depicted in detail, readers will appreciate that other storage array controllers (206) may include similar components. For ease of explanation, however, the detailed view of one of the storage array controllers (202) will be described below.

The storage array controller (202) of FIG. 2 includes at least one computer processor (232) or ‘CPU’ as well as random access memory (‘RAM’) (236). The computer processor (232) may be connected to the RAM (236) via a data communications link (230), which may be embodied as a high speed memory bus such as a Double-Data Rate 4 (‘DDR4’) bus. Although the storage array controller (202) detailed in FIG. 2 includes only a single computer processor, readers will appreciate that storage array controllers useful in on-demand content filtering of snapshots within a storage system according to some embodiments of the present disclosure may include additional computer processors. Likewise, although the storage array controller (202) detailed in FIG. 2 includes only a RAM (236), readers will appreciate that storage array controllers useful in on-demand content filtering of snapshots within a storage system according to some embodiments of the present disclosure may include additional forms of computer memory such as flash memory.

Stored in RAM (236) is an operating system (246). Examples of operating systems useful in storage array controllers (202) configured for on-demand content filtering of snapshots within a storage system according to some embodiments of the present disclosure include UNIX™, Linux™, Microsoft Windows™, and others as will occur to those of skill in the art. The operating system (246) depicted in FIG. 2 may be embodied, for example, as system software that manages computer hardware and software resources on the storage array controller (202).

The storage array controller (202) detailed in FIG. 2 also includes an array operating environment (248) that is stored in RAM (236). The array operating environment (248) may be embodied as one or more modules of computer program instructions used to enable the storage array controller (202) to service access requests that are directed to the storage array (216). The array operating environment (248) may be responsible for generating I/O requests (e.g., read requests, write requests) that are sent to the storage devices (212) or the write buffer devices (214). The array operating environment (248) may be further configured to perform various functions that result in more efficient utilization of the resources within the storage array (216). The array operating environment (248) may be configured, for example, to compress data prior to writing the data to one of the storage devices (212), to perform data deduplication operations, to pool data that is to be written to one of the storage devices (212) so that data may be written in blocks of a predetermined size, and so on.

Also stored in RAM (236) is a snapshot filtering module (250), a module that includes computer program instructions useful in on-demand content filtering of snapshots within a storage system according to some embodiments of the present disclosure. The snapshot filtering module (250) may perform on-demand content filtering of snapshots within a storage system by: associating an access policy with a snapshot, the access policy specifying a transformation to apply to a predefined data object; receiving a first request to access a portion of the snapshot; and responsive to receiving the first request: creating a transformed snapshot portion by applying the transformation specified in the access policy to one or more data objects contained within the portion of the snapshot; and presenting the transformed snapshot portion. Readers will appreciate that snapshot filtering module (250) may be further useful in on-demand content filtering of snapshots within a storage system according to some embodiments of the present disclosure by performing other functions as will be described in greater detail below, including all of the steps and functions described in the flowcharts that are included below.

The storage array controller (202) of FIG. 2 also includes a plurality of host bus adapters (218, 220) and one or more Ethernet adapters (222) that are coupled to the processor (232) via a data communications link (224, 226, 228). Each of the adapters (218, 220, 222) may be embodied as a module of computer hardware that connects the host system (i.e., the storage array controller) to other network and storage devices. Each of the adapters (218, 220, 222) of FIG. 2 may be embodied, for example, as a Fibre Channel adapter that enables the storage array controller (202) to connect to a SAN, as an Ethernet adapter that enables the storage array controller (202) to connect to a LAN, as a Target Channel Adapter, as a SCSI/Storage Target Adapter, and so on. Each of the host bus adapters (218, 220, 222) may be coupled to the computer processor (232) via a data communications link (224, 226, 228) such as, for example, a PCIe bus.

The storage array controller (202) of FIG. 2 also includes a switch (244) that is coupled to the computer processor (232) via a data communications link (238). The switch (244) of FIG. 2 may be embodied as a computer hardware device that can create multiple endpoints out of a single endpoint, thereby enabling multiple devices to share what was initially a single endpoint. The switch (244) of FIG. 2 may be embodied, for example, as a PCIe switch that is coupled to a PCIe bus (238) and presents multiple PCIe connection points to the midplane (206).

The storage array controller (202) of FIG. 2 may also include a data communications link (234) for coupling the storage array controller (202) to other storage array controllers. Such a data communications link (234) may be embodied, for example, as a QuickPath Interconnect (‘QPI’) interconnect, as PCIe non-transparent bridge (‘NTB’) interconnect, and so on.

Readers will recognize that these components, protocols, adapters, and architectures are for illustration only, not limitation. Such a storage array controller may be implemented in a variety of different ways, each of which is well within the scope of the present disclosure.

For further explanation, FIG. 3 sets forth a block diagram illustrating a write buffer device (312) useful in on-demand content filtering of snapshots within a storage system according to some embodiments of the present disclosure. The write buffer device (312) depicted in FIG. 3 may be similar to the write buffer devices depicted in FIG. 1 and FIG. 2. The write buffer device (312) may be included in a storage array (302) that includes a plurality of storage array controllers (304, 306) that are communicatively coupled to a plurality of storage devices (310) and also communicatively coupled to a plurality of write buffer devices (312) via a midplane (308).

The write buffer device (312) depicted in FIG. 3 includes two data communications ports (314, 316). The data communications ports (314, 316) of FIG. 3 may be embodied, for example, as computer hardware for communicatively coupling the write buffer device (312) to a storage array controller (304, 306) via the midplane (308). For example, the write buffer device (312) may be communicatively coupled to the first storage array controller (304) via a first data communications port (314) and the write buffer device (312) may also be communicatively coupled to the second storage array controller (306) via a second data communications port (316). Although the write buffer device (312) depicted in FIG. 3 includes two data communications ports (314, 316), readers will appreciate that write buffer devices useful for buffering data to be written to an array of non-volatile storage devices may include only one data communications port or, alternatively, additional data communications ports not depicted in FIG. 3.

The write buffer device (312) depicted in FIG. 3 also includes a controller (320). The controller (320) depicted in FIG. 3 may be embodied, for example, as computer hardware for receiving memory access requests (e.g., a request to write data to memory in the write buffer device) via the data communications ports (314, 316) and servicing such memory access requests. The controller (320) depicted in FIG. 3 may be embodied, for example, as an ASIC, as a microcontroller, and so on. The controller (320) depicted in FIG. 3 may be communicatively coupled the data communications ports (314, 316), for example, via a PCIe data communications bus.

The write buffer device (312) depicted in FIG. 3 also includes a plurality of DRAM memory modules, embodied in FIG. 3 as DRAM dual in-line memory modules (‘DIMMs’) (338). The DRAM DIMMs (338) depicted in FIG. 3 may be coupled to the controller (320) via a memory bus such as a DDR (318) memory bus such that the controller (320) can be configured to write data to the DRAM DIMMs (338) via the DDR (318) memory bus.

The write buffer device (312) depicted in FIG. 3 also includes a primary power source (326). The primary power source (326) may be embodied as computer hardware for providing electrical power to the computing components that are within the write buffer device (312). The primary power source (326) may be embodied, for example, as a switched-mode power supply that supplies electric energy to an electrical load by converting alternating current (‘AC’) power from a mains supply to a direct current (‘DC’) power, as a DC-to-DC converter that converts a source of direct current (DC) from one voltage level to another, and so on. The primary power source (326) of FIG. 3 is coupled to the controller (320) via a power line (322) that the primary power source (326) can use to deliver power to the controller (320). The primary power source (326) of FIG. 3 is also coupled to the DRAM DIMMs (338) via a power line (330) that the primary power source (326) can use to deliver power to the DRAM DIMMs (338). The primary power source (326) of FIG. 3 is also coupled to a power source controller (340) via a power line (332) that the primary power source (326) can use to deliver power to the power source controller (340). The primary power source (326) can monitor which components are receiving power through the use of one or more control lines (324), serial presence detect (‘SPD’) lines (328), or other mechanism for detecting the presence of a device and detecting that power is being provided to the device. Readers will appreciate that write devices useful for buffering data to be written to an array of non-volatile storage devices may include additional computing components not depicted in FIG. 3, each of which may also receive power from the primary power source (326).

The write buffer device (312) depicted in FIG. 3 also includes a backup power source (344). The backup power source (344) depicted in FIG. 3 represents a power source capable of providing power to the DRAM DIMMs (338) in the event that the primary power source (326) fails. In such a way, the DRAM DIMMs (338) may effectively serve as non-volatile memory, as a failure of the primary power source (326) will not cause the contents of the DRAM DIMMs (338) to be lost because the DRAM DIMMs (338) will continue to receive power from the backup power source (344). Such a backup power source (344) may be embodied, for example, as a supercapacitor.

The write buffer device (312) depicted in FIG. 3 also includes a power source controller (340). The power source controller (340) depicted in FIG. 3 may be embodied as a module of computer hardware configured to identify a failure of the primary power source (326) and to cause power to be delivered to the DRAM DIMMs (338) from the backup power source (344). In such an example, power may be delivered to the DRAM DIMMs (338) from the backup power source (344) via a first power line (342) between the power source controller (340) and the backup power source (344), as well as a second power line (334) between the backup power source controller (340) and the DRAM DIMMs (338). The backup power source controller (340) depicted in FIG. 3 may be embodied, for example, as an analog circuit, an ASIC, a microcontroller, and so on. The power source controller (340) can monitor whether the DRAM DIMMs (338) have power through the use of one or more control lines (336) that may be coupled to the DRAM DIMMs (338), as well as one or more control lines that may be coupled to the primary power source (326). In such an example, by exchanging signals between the DRAM DIMMs (338), the primary power source (326), and the power source controller (340), the power source controller (340) may identify whether power is being provided to the DRAM DIMMs (338) by the primary power source (326).

In the example depicted in FIG. 3, the controller (320) may be configured to receive, from a storage array controller (304, 306) via the one or more data communications ports (314, 316), an instruction to write data to the one or more DRAM DIMMs (338). Such an instruction may include, for example, the location at which to write the data, the data to be written to the DRAM DIMMs (338), the identity of the host that issued the instruction, the identity of a user associated with the instruction, or any other information needed to service the instruction. In the example depicted in FIG. 3, the NVRAM controller (320) may be further configured to write the data to the one or more DRAM DIMMs (338) in response to receiving such an instruction.

In the example depicted in FIG. 3, the controller (320) may be further configured to send an acknowledgment indicating that the data has been written to the array (302) of non-volatile storage devices in response to writing the data to the one or more DRAM DIMMs (338). The controller (320) may send the acknowledgment indicating that the data has been written to the array (302) of non-volatile storage devices in response to writing the data to the DRAM DIMMs (338) in the write buffer device (312). Readers will appreciate that although some forms of DRAM DIMMs (338) are considered to be volatile memory, because the DRAM DIMMs (338) are backed by redundant power sources (326, 344), writing the data to the DRAM DIMMs (338) in the write buffer device (312) may be treated the same as writing the data to traditional forms of non-volatile memory such as the storage devices (310). Furthermore, the DRAM DIMMs (338) in the write buffer device (312) can include one or more NVDIMMs. As such, once the data has been written to the DRAM DIMMs (338) in the write buffer device (312), an acknowledgement may be sent indicating that the data has been safely and persistently written to the array (302) of non-volatile storage devices.

In the example depicted in FIG. 3, the controller (320) may be further configured to determine whether the primary power source (326) has failed. The controller (320) may determine whether the primary power source (326) has failed, for example, by receiving a signal over the control line (324) indicating that the primary power source (326) has failed or is failing, by detecting a lack of power from the primary power source (326), and so on. In such an example, the controller (320) may be coupled to the backup power source (344) or may have access to another source of power such that the controller (320) can remain operational if the primary power source (326) does fail.

In the example depicted in FIG. 3, the controller (320) may be further configured to initiate a transfer of data contained in the one or more DRAM DIMMs (338) to flash memory in the write buffer device (312) in response to determining that the primary power source (326) has failed. The controller (320) may initiate a transfer of data contained in the one or more DRAM DIMMs (338) to flash memory in the write buffer device (312), for example, by signaling an NVDIMM to write the data contained in the one or more DRAM DIMMs (338) to flash memory on the NVDIMM.

Readers will appreciate that although the examples described above include various system configurations, device configurations, and so on, the examples described above are included only for explanatory purposes. In fact, on-demand content filtering of snapshots within a storage system according to some embodiments of the present disclosure may be carried out on storage devices that are different than the storage devices described above and on storage systems that are different than the storage systems described above. For example, storage systems configured for on-demand content filtering of snapshots within a storage system according to some embodiments of the present disclosure may be carried out in storage systems that include no write cache, in storage systems that do not include a non-volatile write cache, on storage systems that where the components of the storage system are in the form factor of a blade computing device that includes processing resources, storage resources, or any combination thereof.

Readers will appreciate that the storage systems and the components that are contained in such storage systems, as described in the present disclosure, are included for explanatory purposes and do not represent limitations as to the types of systems that may be configured for on-demand content filtering of snapshots. In fact, storage systems configured for on-demand content filtering of snapshots may be embodied in many other ways and may include fewer, additional, or different components. For example, storage within storage systems configured for on-demand content filtering of snapshots may be embodied as block storage where data is stored in blocks, and each block essentially acts as an individual hard drive. Alternatively, storage within storage systems configured for on-demand content filtering of snapshots may be embodied as object storage, where data is managed as objects. Each object may include the data itself, a variable amount of metadata, and a globally unique identifier, where object storage can be implemented at multiple levels (e.g., device level, system level, interface level). In addition, storage within storage systems configured for on-demand content filtering of snapshots may be embodied as file storage in which data is stored in a hierarchical structure. Such data may be saved in files and folders, and presented to both the system storing it and the system retrieving it in the same format. Such data may be accessed using the Network File System (‘NFS’) protocol for Unix or Linux, Server Message Block (‘SMB’) protocol for Microsoft Windows, or in some other manner.

For further explanation, FIG. 4 sets forth a flow chart illustrating an example method for on-demand content filtering of snapshots within a storage system (400) stored on a storage device (412) according to some embodiments of the present disclosure. As described above, on-demand content filtering of snapshots within a storage system (400) stored on a storage device (412) may be carried out by one or more modules of computer program instructions executing on computer hardware such as a CPU, where the CPU is housed within a storage array controller as described above. Readers will appreciate that in other embodiments, on-demand content filtering of snapshots within a storage system (400) stored on a storage device (412) may be carried out by firmware within the storage device (412) itself. Such firmware may be executing on a computing device within the storage device (412) such as, for example, a memory controller, an ASIC, and so on.

The example method depicted in FIG. 4 includes associating (402) an access policy (414) with a snapshot (416). The snapshot (416) depicted in FIG. 4 can represent the state of the storage system (400) (or at least a portion of the storage system) at a particular point in time, as the snapshot may include a copy of all data stored in a particular volume at a particular point in time, a copy of all data stored in particular LUN at a particular point in time, a copy of all data stored in a particular range of addresses at a particular point in time, and so on. Readers will appreciate that such snapshots (416) may be immutable although in alternative embodiments the snapshots (416) may be non-immutable. In the example method depicted in FIG. 4, associating (402) an access policy (414) with a snapshot (416) may be carried out, for example, by assigning the access policy (414) to the snapshot (416) and retaining such an assignment through the use of one or more tables or other data structures that associate identifiers for particular snapshots with identifiers for particular access policies. Such assignments may be made, for example, through the use of one or more rules that cause particular access policies to be associated with data written to the storage device (412) by particular applications or types of applications, through the use of one or more rules that cause particular access policies to be associated with data written to the storage device (412) by particular users, or in many other ways.

In the example method depicted in FIG. 4, the access policy (414) can specify a transformation to apply to a predefined data object. The predefined data object specified in the access policy (414) may be embodied, for example, as one or more particular data fields within data that is stored on the storage device (412), as data stored on the storage device (412) that adheres to a predefined format, as data stored on the storage device (412) that is of a particular data type, and so on. The access policy (414) that specifies a transformation to apply to a predefined data object may be embodied, for example, as a set of predefined rules that specify changes to be made to a predefined data object when such a predefined data object is identified as being contained within data stored on the storage device (412). Readers will appreciate that in some embodiments, the access policy (414) can specify a transformation to apply to multiple predefined data objects, the access policy (414) can specify multiple transformations to apply to a predefined data object, the access policy (414) can specify multiple transformations to apply to multiple predefined data objects, or any combination thereof.

Consider an example in which a particular access policy (414) specifies a transformation to apply to a predefined data object that adheres to the following predefined formats: ###-##-####, ##/##/####, and (###)###-####, where ‘#” represents a wildcard character. In such an example, the predefined formats may represent standard formats for confidential information in the form of a social security number, a date of birth, and a telephone number. In such an example, the access policy (414) may include a rule specifying that, when data in one of the predefined formats is discovered within a snapshot (416), each wildcard character should be replaced by a value of ‘1’.

Consider an additional example in which a particular access policy (414) specifies a transformation to apply to a predefined data object that is of a particular data type such as integer data. In such an example, integer data may be viewed as a data type whose contents are more likely to represent standard formats for confidential information such as credit card numbers, social security numbers, and so on. In such an example, the access policy (414) may include a rule specifying that, when integer data is discovered within a snapshot (416), each integer should be replaced by a value of ‘1’.

Readers will appreciate that an access policy (414) may also specify a transformation to apply to a predefined data object that is of a particular subject matter type. For example, the access policy (414) may include a rule specifying that, when financial data is discovered within a snapshot (416), each integer should be replaced by a value of ‘1’, each letter should be replaced by a value of ‘X’, and so on. Likewise, another access policy (414) may include a rule specifying that, when healthcare data is discovered within a snapshot (416), each integer should be replaced by a value of ‘1’, each letter should be replaced by a value of ‘X’, and so on. In such a way, general categories of data may be masked regardless of the particular format that the data takes.

The example method depicted in FIG. 4 also includes receiving (404) a first request (418) to access a portion of the snapshot (416). In the example method depicted in FIG. 4, the first request (418) to access a portion of the snapshot (416) is received from a user (420), although a user (420) is not required according to some embodiments of the present disclosure. If present, such a user (420) may be embodied, for example, as a user of the storage system such as a computing device that is coupled to the storage system via a SAN or other network, as a system-level entity such as the operating system or the array operating environment described above, as a support technician that is remotely logged into the storage array, or as some other form of user. In the example method depicted in FIG. 4, receiving (404) the first request (418) to access a portion of the snapshot (416) may be carried out, for example, by a user (420) issuing a request to read the portion of the snapshot, by a user (420) issuing a request to copy the portion of the snapshot from a first location within the storage system (400) to a second location within the storage system, by a user (420) issuing a request to copy the portion of the snapshot from a first location within the storage system (400) to a location within another storage system, by a user (420) of the storage system issuing a request to replicate the portion of the snapshot to a backup location that is external to the storage system (400), by a user (420) of the storage system issuing a request to mount the portion of the snapshot, or by some other entity issuing similar requests. In the example method depicted in FIG. 4, the first request (418) to access the portion of the snapshot (416) may be received (404), for example, via a message that is received over a SAN or in some other way.

The example method depicted in FIG. 4 also includes responsive to receiving the first request (418), creating (406) a transformed snapshot portion (408) by applying a transformation specified in the access policy (414) to a data object contained within the portion of the snapshot (416). In the example method depicted in FIG. 4, creating (406) a transformed snapshot portion (408) by applying a transformation specified in the access policy (414) to a data object contained within the portion of the snapshot (416) may be carried out, for example, by searching the portion of the snapshot (416) to identify data that matches a predefined data object that is specified in the access policy (414). Upon discovering data contained in the portion of the snapshot (416) that matches a particular predefined data object that is specified in the access policy (414), a transformed snapshot portion (408) may be created (406) by applying the transformation that the access policy (404) specifies to apply to the particular predefined data object.

Consider the example described above in which a particular access policy (414) specifies that for predefined data objects that adhere to the following predefined formats: ###-##-####, ##/##/####, and (###)###-####, each wildcard should be replaced by a value of ‘1’. In such an example, creating (406) a transformed snapshot portion (408) may be carried out by searching the portion of the snapshot (416) to identify data that adheres to the predefined formats described above. Upon discovering data that adheres to the predefined formats described above in the portion of the snapshot (416), a transformed snapshot portion (408) may be created (406) by replacing each wildcard character with a value of ‘1’. For example, the discovery of data such as ‘123-45-6789’ would result in a transformed snapshot portion (408) where such data would be transformed to ‘111-11-1111’.

The example method depicted in FIG. 4 further includes responsive to receiving the first request (418), presenting (410) the transformed snapshot portion (408). Presenting (410) the transformed snapshot portion (408) may be carried out, for example, by sending the transformed snapshot portion (408) to the user (420) via one or more messages that are sent over a SAN or other form of data communications message. Such a transformed snapshot portion (408) may include portions of the snapshot (416) that were not transformed as well as portions of the snapshot (416) that were transformed by applying a transformation specified in the access policy (414) to one or more data objects contained within the snapshot (416). Readers will appreciate that presenting (410) the transformed snapshot portion (408) can coincide with providing the user (420) with access to an unmodified portion of the snapshot (416) that the user (420) requested access to by issuing the first request (418), such that the user (420) is given access to the entire snapshot portion, with some information effectively masked by applying the transformations specified in the access policy (414).

For further explanation, FIG. 5 sets forth a flow chart illustrating an additional example method for on-demand content filtering of snapshots within a storage system (400) according to some embodiments of the present disclosure. The example method depicted in FIG. 5 is similar to the example method depicted in FIG. 4, as the example method depicted in FIG. 5 also includes associating (402) an access policy (414) with a snapshot (416), receiving (404) a first request (418) to access a portion of the snapshot (416), creating (406) a transformed snapshot portion (408) by applying a transformation specified in the access policy (414) to one or more data objects contained within the portion of the snapshot (416), and presenting (410) the transformed snapshot portion (408).

The example method depicted in FIG. 5 also includes identifying (502) one or more data objects within the portion of the snapshot (416) that match a predefined data object specified in the access policy (414). In the example method depicted in FIG. 5, identifying one or more data objects within the portion of the snapshot (416) that match a predefined data object specified in the access policy (414) may be carried out, for example, by identifying one or more data objects within the portion of the snapshot (416) that correspond to the one or more particular data fields specified in the access policy (414), by identifying one or more data objects within the portion of the snapshot (416) that are of the same data type as the one or more data types specified in the access policy (414), by identifying one or more data objects within the portion of the snapshot (416) that adhere to a particular data format as specified in the access policy (414), and in other ways. As such, identifying one or more data objects within the portion of the snapshot (416) that match a predefined data object specified in the access policy (414) can generally be carried out by examining the data (or even the metadata) contained in a particular snapshot to determine whether some portion of the data contained in a particular snapshot matches one or more of the predefined data objects that are specified in the access policy (414).

The example method depicted in FIG. 5 also includes creating (504) modified versions of the one or more data objects within the portion of the snapshot (416) that match the predefined data object specified in the access policy (414) by applying the transformation to apply to the predefined data object. Creating (504) modified versions of the one or more data objects within the portion of the snapshot (416) that match the predefined data object specified in the access policy (414), for example, by modifying the one or more data objects within the portion of the snapshot (416) that match the predefined data object specified in accordance with the access policy (414) to generate modified versions of the one or more data objects within the portion of the snapshot (416). Continuing with the example described above, some portion of the snapshot (416) includes data that takes the format of “(123)456-7890,” that portion of the snapshot (416) may be overwritten in place to include data that takes the format of “(111)111-1111.”

Readers will appreciate that in alternative embodiments where the underlying storage devices do not support the in-place overwrite of data, the modified versions of the one or more data objects within the portion of the snapshot (416) that match the predefined data object specified in the access policy (414) may be stored at a location within the storage device (412) or at some other location within the read path that is distinct from the location at which the unmodified version of the one or more data objects within the portion of the snapshot (416) that match the predefined data object specified in the access policy (414) are stored. Consider an example in which the portion of the snapshot (416) resides at addresses 9000-10000 of a first volume. In such an example, assume that data that takes the format of “(123)456-7890” is discovered at addresses 9101-9112 of the first volume. In such an example, by applying the transformations described above, a modified version of such a data object can be created that takes the format of “(111)111-1111” and is stored at addresses 10001-10012 of the first volume. In this example, mapping tables or other internal data structures may be updated such that the portion of the snapshot (416) is specified as including the content of addresses 9000-9100 of the first volume, followed by the contents of addresses 10001-10012 of the first volume, followed by the content of addresses 9113-10000 of the first volume.

For further explanation, FIG. 6 sets forth a flow chart illustrating an additional example method for on-demand content filtering of snapshots within a storage system (400) according to some embodiments of the present disclosure. The example method depicted in FIG. 6 is similar to the example method depicted in FIG. 4, as the example method depicted in FIG. 6 also includes associating (402) an access policy (414) with a snapshot (416), receiving (404) a first request (418) to access a portion of the snapshot (416), creating (406) a transformed snapshot portion (408) by applying a transformation specified in the access policy (414) to one or more data objects contained within the portion of the snapshot (416), and presenting (410) the transformed snapshot portion (408).

The example method depicted in FIG. 6 also includes storing (602), within the storage system (400), the transformed snapshot portion (408). In the example method depicted in FIG. 6, the portion of the snapshot (416) may be stored at a first location of the storage device (412) and the transformed snapshot portion (408) may be stored at a second location of the storage device (412), or even at some other location within the storage system. Readers will appreciate that the portion of the snapshot (416) may be stored at a first location of the storage device (412) and the transformed snapshot portion (408) may be stored at a second location of the storage device (412), for example, because the underlying storage device (412) may not support in-place overwrites of data. For example, the storage device (412) may be embodied as NAND-based flash memory that does not support in-place overwrites of data. In NAND-based flash memory, data cannot be directly overwritten as it can be in a hard disk drive. As such, the transformed snapshot portion (408) must be stored at a second location of the storage device (412), rather than simply overwriting, at the first location, the portion of the snapshot (416).

Readers will appreciate that the transformed snapshot portion (408) may include portions of the snapshot (416) that were not transformed as well as portions of the snapshot (416) that were transformed by applying a transformation specified in the access policy (414) to one or more data objects contained within the snapshot (416). In such an example, storing (602) the transformed snapshot portion (408) can include modifying mapping tables or other data structures that are used to map logical or physical addresses of data to a particular snapshot, thereby defining the transformed snapshot portion (408) as a collection of data stored at the logical or physical addresses specified in the mapping tables or other data structure utilized by a particular storage system.

For further explanation, FIG. 7 sets forth an additional example method for on-demand content filtering of snapshots within a storage system (400) stored on a storage device (412) according to some embodiments of the present disclosure. The example method depicted in FIG. 7 is similar to the example method depicted in FIG. 4 and FIG. 6, as the example method depicted in FIG. 7 also includes associating (402) an access policy (414) with a snapshot (416), receiving (404) a first request (418) to access a portion of the snapshot (416), creating (406) a transformed snapshot portion (408) by applying a transformation specified in the access policy (414) to one or more data objects contained within the portion of the snapshot (416), presenting (410) the transformed snapshot portion (408), and storing (602) the transformed snapshot portion (408) within the storage system (400).

In the example method depicted in FIG. 7, storing (602) the transformed snapshot portion (408) within the storage system (400) can include storing (702) modified versions of the one or more data objects within the portion of the snapshot (416) that match the predefined data object specified in the access policy (414), without storing, within the storage system (400), an additional copy of data objects within the portion of the snapshot (416) that do not match a predefined data object specified in the access policy (414). Readers will appreciate that, as described above, the transformed snapshot portion (408) may include portions of the snapshot (416) that were not transformed as well as portions of the snapshot (416) that were transformed by applying a transformation specified in the access policy (414) to one or more data objects contained within the snapshot (416). In such an example, rather than storing an additional copy of data objects within the portion of the snapshot (416) that do not match a predefined data object specified in the access policy (414), storing (602) the transformed snapshot portion (408) within the storage system (400) may be carried out by only storing (702) modified versions of the one or more data objects within the portion of the snapshot (416) that match the predefined data object specified in the access policy (414) and modifying mapping tables or other data structures that are used to map logical or physical addresses of data to a particular snapshot, thereby defining the transformed snapshot portion (408) as a collection of data stored at the logical or physical addresses specified in the mapping tables or other data structure utilized by a particular storage system.

For further explanation, FIG. 8 sets forth an additional example method on-demand content filtering of snapshots within a storage system (400) according to some embodiments of the present disclosure. The example method depicted in FIG. 8 is similar to the example method depicted in FIG. 4 and FIG. 6, as the example method depicted in FIG. 8 also includes associating (402) an access policy (414) with a snapshot (416), receiving (404) a first request (418) to access a portion of the snapshot (416), creating (406) a transformed snapshot portion (408) by applying a transformation specified in the access policy (414) to one or more data objects contained within the portion of the snapshot (416), presenting (410) the transformed snapshot portion (408), and storing (602) the transformed snapshot portion (408) within the storage system (400).

The example method depicted in FIG. 8 also includes receiving (804) a second request (802) to access the portion the snapshot (416). In the example method depicted in FIG. 8, receiving (804) a second request (802) to access the portion the snapshot (416) may be carried out, for example, by a user (806) issuing a request to read the portion of the snapshot, by a user (808) issuing a request to copy the portion of the snapshot from a first location within the storage system (400) to a second location within the storage system, by a user (808) issuing a request to copy the portion of the snapshot from a first location within the storage system (400) to a location within another storage system, by a user (808) of the storage system issuing a request to replicate the portion of the snapshot to a backup location that is external to the storage system (400), by a user (808) of the storage system issuing a request to mount the portion of the snapshot, and so on. In the example method depicted in FIG. 8, the second request (802) to access the portion of the snapshot (416) may be received (804), for example, via a message that is received over a SAN or in some other way.

Readers will appreciate that although the example method depicted in FIG. 8 depicts an embodiment where the second request (802) is received from a different user (808) than the user (420) that issued the first request (418), the requests (418, 802) may also be issued by the same user. Readers will appreciate that when a first request (418) to access a portion of the snapshot is received (404), the storage system (400) may need to create (406) a transformed snapshot portion (408) by applying one or more transformations specified in the access policy (414) and the storage system (400) may subsequently store (602) the transformed snapshot portion (408) within a storage device (412) that is included within the storage system (400), or at some other location within the storage system (400). When a second request (802) to access the portion the snapshot (416) is received (804), regardless of which user initiated the second request (802), the storage system (400) need not perform the tasks of creating (406) a transformed snapshot portion (408) by applying one or more transformations specified in the access policy (414) or storing (602) the transformed snapshot portion (408) within the storage system (400), as the storage system already has retained a transformed snapshot portion (408) within the storage system (400).

The example method depicted in FIG. 8 also includes, in response to receiving the second request (804) to access the portion the snapshot, presenting (806) the transformed snapshot portion (408) stored within the storage system (400). In the example method depicted in FIG. 8, presenting (806) the transformed snapshot portion (408) stored within the storage system (400) may be carried out, for example, by sending to the user (808) that initiated the second request (804) the transformed snapshot portion (408) stored within the storage system (400) via one or more messages that are sent over a SAN or other form of data communications message. Such a transformed snapshot portion (408) may include portions of the snapshot (416) that were not transformed as well as portions of the snapshot (416) that were transformed by applying a transformation specified in the access policy (414) to one or more data objects contained within the snapshot (416). Readers will appreciate that sending the transformed snapshot portion (408) to the user (808) can coincide with providing the user (808) with access to an unmodified portion of the snapshot (416) that the user (808) requested access to by issuing the first request (418), such that the user (808) is given access to the entire snapshot portion, with some information effectively masked by applying the transformations specified in the access policy (414). Readers will appreciate that because the transformed snapshot portion (408) was stored after the first request (418) to access a portion of the snapshot (416) was received (404), the transformed snapshot portion (408) can be sent to the user without performing the steps required to recreate the transformed snapshot portion (408). By servicing the second request (802) without performing the steps required to recreate the transformed snapshot portion (408), system resources may be preserved for other tasks, thereby improving the storage system's ability to perform other tasks.

Readers will further appreciate that although the preceding paragraphs describe an embodiment where a first request (418) to access a portion of the snapshot (416) is received (404) and a second request (802) to access the same portion of the snapshot (416) is subsequently received (804), requests to access partially overlapping portions of the snapshot (416) may also be handled in a way where providing access to the overlapping portions of the snapshot (416) may be carried out without performing the steps required to recreate the overlapping portions of the transformed snapshot portion (408). Consider an example in which the first request (418) includes a request to access a portion of the snapshot (416) that is stored at addresses 0-1000 within a particular volume. Assume in such an example, that a second request (802) includes a request to access a portion of the snapshot (416) that is stored at addresses 500-1500 within the same particular volume. In such an example, the portion of the snapshot (416) that is stored at addresses 1001-1500 may undergo the transformation processes in response to the second request (802), but the previously generated transformed snapshot portion (408) that represents the portion of the snapshot (416) that is stored at addresses 500-1000 may be retrieved from the storage system (400) without needing to again performing the steps required to recreate the overlapping portions of the transformed snapshot portion (408) that represents the portion of the snapshot (416) that is stored at addresses 500-1000.

For further explanation, FIG. 9 sets forth an additional example method on-demand content filtering of snapshots within a storage system (400) stored on a storage device (412) according to some embodiments of the present disclosure. The example method depicted in FIG. 9 is similar to the example method depicted in FIG. 4, as the example method depicted in FIG. 9 also includes associating (402) an access policy (414) with a snapshot (416), receiving (404) a first request (418) to access a portion of the snapshot (416), creating (406) a transformed snapshot portion (408) by applying a transformation specified in the access policy (414) to one or more data objects contained within the portion of the snapshot (416), and presenting (410) the transformed snapshot portion (408).

In the example method depicted in FIG. 9, creating (406) a transformed snapshot portion (408) by applying a transformation specified in the access policy (414) to one or more data objects contained within the portion of the snapshot (416) can include masking (902) types of information (904) in the data that are to be made inaccessible. The particular types of information (904) that are to be made inaccessible may be specified in the access policy (414) depicted in FIG. 9. The particular types of information (904) that are to be made inaccessible may be embodied, for example, as predetermined categories of data such as credit card numbers, social security numbers, names, system configuration information, encryption keys or other security information, or other types of information that has been determined to be of a confidential nature such that no user should have the privileges to access such data. Alternatively, each user may have certain access privileges such that one user can access data that another user is not able to access. In the example method depicted in FIG. 9, masking (902) types of information (904) in the data that are to be made inaccessible may be carried out, for example, by nulling out any data that is to be made inaccessible, by encrypting any data that is to be made inaccessible, or by otherwise preventing access to the data that is to be made inaccessible.

The embodiments below describe a storage cluster that stores user data, such as user data originating from one or more user or client systems or other sources external to the storage cluster. The storage cluster can distribute user data across storage nodes housed within a chassis, for example, using erasure coding and redundant copies of metadata. Erasure coding refers to a method of data protection or reconstruction in which data is stored across a set of different locations, such as disks, storage nodes, geographic locations, and so on. Flash memory is one type of solid-state memory that may be integrated with the embodiments, although the embodiments may be extended to other types of solid-state memory or other storage medium, including non-solid state memory. Control of storage locations and workloads may be distributed across the storage locations in a clustered peer-to-peer system. Tasks such as mediating communications between the various storage nodes, detecting when a storage node has become unavailable, and balancing I/Os (inputs and outputs) across the various storage nodes, may all be handled on a distributed basis. Data may be laid out or distributed across multiple storage nodes in data fragments or stripes that support data recovery in some embodiments. Ownership of data can be reassigned within a cluster, independent of input and output patterns. This architecture described in more detail below allows a storage node in the cluster to fail, with the system remaining operational, since the data can be reconstructed from other storage nodes and thus remain available for input and output operations. In various embodiments, a storage node may be referred to as a cluster node, a blade, or a server.

The storage cluster may be contained within a chassis, i.e., an enclosure housing one or more storage nodes. A mechanism to provide power to each storage node, such as a power distribution bus, and a communication mechanism, such as a communication bus that enables communication between the storage nodes may be included within the chassis. The storage cluster can run as an independent system in one location according to some embodiments. In one embodiment, a chassis contains at least two instances of both the power distribution and the communication bus which may be enabled or disabled independently. The internal communication bus may be an Ethernet bus, however, other technologies such as Peripheral Component Interconnect (PCI) Express, InfiniBand, and others, are suitable. The chassis can provide a port for an external communication bus for enabling communication between multiple chassis, directly or through a switch, and with client systems. The external communication may use a technology such as Ethernet, InfiniBand, Fibre Channel, etc. In some embodiments, the external communication bus uses different communication bus technologies for inter-chassis and client communication. If a switch is deployed within or between chassis, the switch may act as a translation between multiple protocols or technologies. When multiple chassis are connected to define a storage cluster, the storage cluster may be accessed by a client using either proprietary interfaces or standard interfaces such as network file system (NFS), common internet file system (CIFS), small computer system interface (SCSI), hypertext transfer protocol (HTTP), or other suitable interface. Translation from the client protocol may occur at the switch, chassis external communication bus or within each storage node.

Each storage node may be one or more storage servers and each storage server may be connected to one or more non-volatile solid state memory units, which may be referred to as storage units or storage devices. One embodiment includes a single storage server in each storage node and between one to eight non-volatile solid state memory units, however this one example is not meant to be limiting. The storage server may include a processor, DRAM, and interfaces for the internal communication bus and power distribution for each of the power buses. Inside the storage node, the interfaces and storage unit may share a communication bus, e.g., PCI Express, in some embodiments. The non-volatile solid state memory units may directly access the internal communication bus interface through a storage node communication bus, or request the storage node to access the bus interface. The non-volatile solid state memory unit may contain an embedded CPU, solid state storage controller, and a quantity of solid state mass storage, e.g., between 2-32 terabytes (TB) in some embodiments. An embedded volatile storage medium, such as DRAM, and an energy reserve apparatus may be included in the non-volatile solid state memory unit. In some embodiments, the energy reserve apparatus is a capacitor, super-capacitor, or battery that enables transferring a subset of DRAM contents to a stable storage medium in the case of power loss. In some embodiments, the non-volatile solid state memory unit is constructed with a storage class memory, such as phase change or magnetoresistive random access memory (MRAM) that substitutes for DRAM and enables a reduced power hold-up apparatus.

One of many features of the storage nodes and non-volatile solid state storage may be the ability to proactively rebuild data in a storage cluster. The storage nodes and non-volatile solid state storage may be able to determine when a storage node or non-volatile solid state storage in the storage cluster is unreachable, independent of whether there is an attempt to read data involving that storage node or non-volatile solid state storage. The storage nodes and non-volatile solid state storage may then cooperate to recover and rebuild the data in at least partially new locations. This constitutes a proactive rebuild, in that the system rebuilds data without waiting until the data is needed for a read access initiated from a client system employing the storage cluster. These and further details of the storage memory and operation thereof are discussed below.

FIG. 10 illustrates a perspective view of a storage cluster (1002), with multiple storage nodes (1012) and internal solid-state memory coupled to each storage node to provide network attached storage or storage area network, in accordance with some embodiments. A network attached storage, storage area network, or a storage cluster, or other storage memory, could include one or more storage clusters (1002), each having one or more storage nodes (1012), in a flexible and reconfigurable arrangement of both the physical components and the amount of storage memory provided thereby. The storage cluster (1002) may be designed to fit in a rack, and one or more racks can be set up and populated as desired for the storage memory. The storage cluster (1002) may include a chassis (1004) having multiple slots (1024). It should be appreciated that chassis (1004) may be referred to as a housing, enclosure, or rack unit. In one embodiment, the chassis (1004) has fourteen slots (1024), although other numbers of slots are readily devised. For example, some embodiments have four slots, eight slots, sixteen slots, thirty-two slots, or other suitable number of slots. Each slot (1024) can accommodate one storage node (1012) in some embodiments. The chassis (1004) may include flaps (1006) that can be utilized to mount the chassis (1004) on a rack. Fans (1010) may provide air circulation for cooling of the storage nodes (1012) and components thereof, although other cooling components could be used, or an embodiment could be devised without cooling components. A switch fabric (1008) may couple storage nodes (1012) within chassis (1004) together and to a network for communication to the memory. In an embodiment depicted in FIG. 10, the slots (1024) to the left of the switch fabric (1008) and fans (1010) are shown occupied by storage nodes (1012), while the slots (1024) to the right of the switch fabric (1008) and fans (1010) are empty and available for insertion of storage node (1012) for illustrative purposes. This configuration is one example, and one or more storage nodes (1012) could occupy the slots (1024) in various further arrangements. The storage node arrangements need not be sequential or adjacent in some embodiments. Storage nodes (1012) may be hot pluggable, meaning that a storage node (1012) can be inserted into a slot (1024) in the chassis (1004), or removed from a slot (1024), without stopping or powering down the system. Upon insertion or removal of a storage node (1012) from a slot (1024), the system may automatically reconfigure in order to recognize and adapt to the change. Reconfiguration, in some embodiments, includes restoring redundancy and/or rebalancing data or load.

Each storage node (1012) can have multiple components. In the embodiment shown here, the storage node (1012) includes a printed circuit board (1022) populated by a CPU (1016), i.e., processor, a memory (1014) coupled to the CPU (1016), and a non-volatile solid state storage (1018) coupled to the CPU (1016), although other mountings and/or components could be used in further embodiments. The memory (1014) may include instructions which are executed by the CPU (1016) and/or data operated on by the CPU (1016). As further explained below, the non-volatile solid state storage (1018) may include flash or, in further embodiments, other types of solid-state memory.

Referring to FIG. 10, the storage cluster (1002) may be scalable, meaning that storage capacity with non-uniform storage sizes may be readily added, as described above. One or more storage nodes (1012) can be plugged into or removed from each chassis and the storage cluster self-configures in some embodiments. Plug-in storage nodes (1012), whether installed in a chassis as delivered or later added, can have different sizes. For example, in one embodiment a storage node (1012) can have any multiple of 4 TB, e.g., 8 TB, 12 TB, 16 TB, 32 TB, etc. In further embodiments, a storage node (1012) could have any multiple of other storage amounts or capacities. Storage capacity of each storage node (1012) may be broadcast, and may influence decisions of how to stripe the data. For maximum storage efficiency, an embodiment can self-configure as wide as possible in the stripe, subject to a predetermined requirement of continued operation with loss of up to one, or up to two, non-volatile solid state storage (1018) units or storage nodes (1012) within the chassis.

FIG. 11 illustrates a block diagram showing a communications interconnect (1104) and power distribution bus (1106) coupling multiple storage nodes (1012) according to some embodiments of the present disclosure. Referring back to FIG. 10, the communications interconnect (1104) can be included in or implemented with the switch fabric (1008) in some embodiments. Where multiple storage clusters occupy a rack, the communications interconnect (1104) can be included in or implemented with a top of rack switch, in some embodiments. In the example depicted in FIG. 11, the storage cluster may be enclosed within a single chassis (1004). An external port (1110) may be coupled to storage nodes (1012) through the communications interconnect (1104), while another external port (1112) may be coupled directly to a storage node (1012). An external power port (1108) may be coupled to a power distribution bus (1106). The storage nodes (1012) may include varying amounts and differing capacities of non-volatile solid state storage (1018) as described with reference to FIG. 10. In addition, one or more storage nodes (1012) may be a compute only storage node as illustrated in FIG. 11. Authorities (1102) may be implemented on the non-volatile solid state storage (1018), for example as lists or other data structures stored in memory. In some embodiments the authorities may be stored within the non-volatile solid state storage (1018) and supported by software executing on a controller or other processor of the non-volatile solid state storage (1018). In a further embodiment, the authorities (1102) may be implemented on the storage nodes (1012), for example, as lists or other data structures stored in memory and supported by software executing on a CPU of the storage node (1012). The authorities (1102) may control how and where data is stored in the non-volatile solid state storage (1018) in some embodiments. This control may assist in determining which type of erasure coding scheme is applied to the data, and which storage nodes (1012) have which portions of the data. Each authority (1102) may be assigned to a non-volatile solid state storage (1018). Each authority may also control a range of inode numbers, segment numbers, or other data identifiers which are assigned to data by a file system, by the storage nodes (1012), or by the non-volatile solid state storage (1018), in various embodiments.

Every piece of data, and every piece of metadata, may have redundancy in the system in some embodiments. In addition, every piece of data and every piece of metadata may have an owner, which may be referred to as an authority (1102). If that authority (1102) is unreachable, for example through failure of a storage node (1012), there may be a plan of succession for how to find that data or that metadata. In various embodiments, there are redundant copies of authorities (1102). Authorities (1102) may have a relationship to storage nodes (1012) and to non-volatile solid state storage (1018) in some embodiments. Each authority (1102), covering a range of data segment numbers or other identifiers of the data, may be assigned to a specific non-volatile solid state storage (1018). In some embodiments the authorities (1102) for all of such ranges are distributed over the non-volatile solid state storage (1018) of a storage cluster. Each storage node (1012) may have a network port that provides access to the non-volatile solid state storage (1018) of that storage node (1012). Data can be stored in a segment, which is associated with a segment number and that segment number is an indirection for a configuration of a RAID stripe in some embodiments. The assignment and use of the authorities (1102) may therefore establish an indirection to data. Indirection may be referred to as the ability to reference data indirectly, in this case via an authority (1102), in accordance with some embodiments. A segment may identify a set of non-volatile solid state storage (1018) and a local identifier into the set of non-volatile solid state storage (1018) that may contain data. In some embodiments, the local identifier is an offset into the device and may be reused sequentially by multiple segments. In other embodiments the local identifier is unique for a specific segment and never reused. The offsets in the non-volatile solid state storage (1018) may be applied to locating data for writing to or reading from the non-volatile solid state storage (1018) (in the form of a RAID stripe). Data may be striped across multiple units of non-volatile solid state storage (1018), which may include or be different from the non-volatile solid state storage (1018) having the authority (1102) for a particular data segment.

If there is a change in where a particular segment of data is located, e.g., during a data move or a data reconstruction, the authority (1102) for that data segment may be consulted, at that non-volatile solid state storage (1018) or storage node (1012) having that authority (1102). In order to locate a particular piece of data, embodiments calculate a hash value for a data segment or apply an inode number or a data segment number. The output of this operation points to a non-volatile solid state storage (1018) having the authority (1102) for that particular piece of data. In some embodiments there are two stages to this operation. The first stage maps an entity identifier (ID), e.g., a segment number, inode number, or directory number to an authority identifier. This mapping may include a calculation such as a hash or a bit mask. The second stage is mapping the authority identifier to a particular non-volatile solid state storage (1018), which may be done through an explicit mapping. The operation is repeatable, so that when the calculation is performed, the result of the calculation repeatably and reliably points to a particular non-volatile solid state storage (1018) having that authority (1102). The operation may include the set of reachable storage nodes as input. If the set of reachable non-volatile solid state storage units changes the optimal set changes. In some embodiments, the persisted value is the current assignment (which is always true) and the calculated value is the target assignment the cluster will attempt to reconfigure towards. This calculation may be used to determine the optimal non-volatile solid state storage (1018) for an authority in the presence of a set of non-volatile solid state storage (1018) that are reachable and constitute the same cluster. The calculation also determines an ordered set of peer non-volatile solid state storage (1018) that will also record the authority to non-volatile solid state storage mapping so that the authority may be determined even if the assigned non-volatile solid state storage is unreachable. A duplicate or substitute authority (1102) may be consulted if a specific authority (1102) is unavailable in some embodiments.

With reference to FIGS. 10 and 11, two of the many tasks of the CPU (1016) on a storage node (1012) are to break up write data and reassemble read data. When the system has determined that data is to be written, the authority (1102) for that data is located as above. When the segment ID for data is already determined the request to write is forwarded to the non-volatile solid state storage (1018) currently determined to be the host of the authority (1102) determined from the segment. The host CPU (1016) of the storage node (1012), on which the non-volatile solid state storage (1018) and corresponding authority (1102) reside, may then breaks up or shard the data and transmits the data out to various non-volatile solid state storage (1018). The transmitted data may be written as a data stripe in accordance with an erasure coding scheme. In some embodiments, data is requested to be pulled, and in other embodiments, data is pushed. In reverse, when data is read, the authority (1102) for the segment ID containing the data is located as described above. The host CPU (1016) of the storage node (1012) on which the non-volatile solid state storage (1018) and corresponding authority (1102) reside may request the data from the non-volatile solid state storage and corresponding storage nodes pointed to by the authority. In some embodiments the data is read from flash storage as a data stripe. The host CPU (1016) of storage node (1012) may then reassemble the read data, correcting any errors (if present) according to the appropriate erasure coding scheme, and forward the reassembled data to the network. In further embodiments, some or all of these tasks can be handled in the non-volatile solid state storage (1018). In some embodiments, the segment host requests the data be sent to storage node (1012) by requesting pages from storage and then sending the data to the storage node making the original request.

In some systems, for example in UNIX-style file systems, data is handled with an index node or inode, which specifies a data structure that represents an object in a file system. The object could be a file or a directory, for example. Metadata may accompany the object, as attributes such as permission data and a creation timestamp, among other attributes. A segment number could be assigned to all or a portion of such an object in a file system. In other systems, data segments are handled with a segment number assigned elsewhere. For purposes of discussion, the unit of distribution may be an entity, and an entity can be a file, a directory or a segment. That is, entities are units of data or metadata stored by a storage system. Entities may be grouped into sets called authorities. Each authority may have an authority owner, which is a storage node that has the exclusive right to update the entities in the authority. In other words, a storage node may contain the authority, and that the authority may, in turn, contain entities.

A segment may be a logical container of data in accordance with some embodiments. A segment may be an address space between medium address space and physical flash locations, i.e., the data segment number, are in this address space. Segments may also contain meta-data, which enable data redundancy to be restored (rewritten to different flash locations or devices) without the involvement of higher level software. In one embodiment, an internal format of a segment contains client data and medium mappings to determine the position of that data. Each data segment may be protected, e.g., from memory and other failures, by breaking the segment into a number of data and parity shards, where applicable. The data and parity shards may be distributed, i.e., striped, across non-volatile solid state storage (1018) coupled to the host CPUs (1016) in accordance with an erasure coding scheme. Usage of the term segments refers to the container and its place in the address space of segments in some embodiments. Usage of the term stripe refers to the same set of shards as a segment and includes how the shards are distributed along with redundancy or parity information in accordance with some embodiments.

A series of address-space transformations may take place across an entire storage system. At the top may be the directory entries (file names) which link to an inode. Inodes may point into medium address space, where data is logically stored. Medium addresses may be mapped through a series of indirect mediums to spread the load of large files, or implement data services like deduplication or snapshots. Medium addresses may be mapped through a series of indirect mediums to spread the load of large files, or implement data services like deduplication or snapshots. Segment addresses may then be translated into physical flash locations. Physical flash locations may have an address range bounded by the amount of flash in the system in accordance with some embodiments. Medium addresses and segment addresses may be logical containers, and in some embodiments use a 128 bit or larger identifier so as to be practically infinite, with a likelihood of reuse calculated as longer than the expected life of the system. Addresses from logical containers are allocated in a hierarchical fashion in some embodiments. Initially, each non-volatile solid state storage (1018) unit may be assigned a range of address space. Within this assigned range, the non-volatile solid state storage (1018) may be able to allocate addresses without synchronization with other non-volatile solid state storage (1018).

Data and metadata may be stored by a set of underlying storage layouts that are optimized for varying workload patterns and storage devices. These layouts may incorporate multiple redundancy schemes, compression formats and index algorithms. Some of these layouts may store information about authorities and authority masters, while others may store file metadata and file data. The redundancy schemes may include error correction codes that tolerate corrupted bits within a single storage device (such as a NAND flash chip), erasure codes that tolerate the failure of multiple storage nodes, and replication schemes that tolerate data center or regional failures. In some embodiments, low density parity check (LDPC) code is used within a single storage unit. Reed-Solomon encoding may be used within a storage cluster, and mirroring may be used within a storage grid in some embodiments. Metadata may be stored using an ordered log structured index (such as a Log Structured Merge Tree), and large data may not be stored in a log structured layout.

In order to maintain consistency across multiple copies of an entity, the storage nodes may agree implicitly on two things through calculations: (1) the authority that contains the entity, and (2) the storage node that contains the authority. The assignment of entities to authorities can be done by pseudo randomly assigning entities to authorities, by splitting entities into ranges based upon an externally produced key, or by placing a single entity into each authority. Examples of pseudorandom schemes are linear hashing and the Replication Under Scalable Hashing (RUSH) family of hashes, including Controlled Replication Under Scalable Hashing (CRUSH). In some embodiments, pseudo-random assignment is utilized only for assigning authorities to nodes because the set of nodes can change. The set of authorities cannot change so any subjective function may be applied in these embodiments. Some placement schemes automatically place authorities on storage nodes, while other placement schemes rely on an explicit mapping of authorities to storage nodes. In some embodiments, a pseudorandom scheme is utilized to map from each authority to a set of candidate authority owners. A pseudorandom data distribution function related to CRUSH may assign authorities to storage nodes and create a list of where the authorities are assigned. Each storage node has a copy of the pseudorandom data distribution function, and can arrive at the same calculation for distributing, and later finding or locating an authority. Each of the pseudorandom schemes requires the reachable set of storage nodes as input in some embodiments in order to conclude the same target nodes. Once an entity has been placed in an authority, the entity may be stored on physical devices so that no expected failure will lead to unexpected data loss. In some embodiments, rebalancing algorithms attempt to store the copies of all entities within an authority in the same layout and on the same set of machines.

Examples of expected failures include device failures, stolen machines, datacenter fires, and regional disasters, such as nuclear or geological events. Different failures may lead to different levels of acceptable data loss. In some embodiments, a stolen storage node impacts neither the security nor the reliability of the system, while depending on system configuration, a regional event could lead to no loss of data, a few seconds or minutes of lost updates, or even complete data loss.

In the embodiments, the placement of data for storage redundancy may be independent of the placement of authorities for data consistency. In some embodiments, storage nodes that contain authorities may not contain any persistent storage. Instead, the storage nodes may be connected to non-volatile solid state storage units that do not contain authorities. The communications interconnect between storage nodes and non-volatile solid state storage units can consist of multiple communication technologies and has non-uniform performance and fault tolerance characteristics. In some embodiments, as mentioned above, non-volatile solid state storage units are connected to storage nodes via PCI express, storage nodes are connected together within a single chassis using Ethernet backplane, and chassis are connected together to form a storage cluster. Storage clusters may be connected to clients using Ethernet or fiber channel in some embodiments. If multiple storage clusters are configured into a storage grid, the multiple storage clusters are connected using the Internet or other long-distance networking links, such as a “metro scale” link or private link that does not traverse the internet.

Authority owners may have the exclusive right to modify entities, to migrate entities from one non-volatile solid state storage unit to another non-volatile solid state storage unit, and to add and remove copies of entities. This allows for maintaining the redundancy of the underlying data. When an authority owner fails, is going to be decommissioned, or is overloaded, the authority may be transferred to a new storage node. Transient failures can make it non-trivial to ensure that all non-faulty machines agree upon the new authority location. The ambiguity that arises due to transient failures can be achieved automatically by a consensus protocol such as Paxos, hot-warm failover schemes, via manual intervention by a remote system administrator, or by a local hardware administrator (such as by physically removing the failed machine from the cluster, or pressing a button on the failed machine). In some embodiments, a consensus protocol is used, and failover is automatic. If too many failures or replication events occur in too short a time period, the system may go into a self-preservation mode and halt replication and data movement activities until an administrator intervenes in accordance with some embodiments.

Persistent messages may be persistently stored prior to being transmitted. This allows the system to continue to serve client requests despite failures and component replacement. Although many hardware components contain unique identifiers that are visible to system administrators, manufacturer, hardware supply chain and ongoing monitoring quality control infrastructure, applications running on top of the infrastructure address may virtualize addresses. These virtualized addresses may not change over the lifetime of the storage system, regardless of component failures and replacements. This allows each component of the storage system to be replaced over time without reconfiguration or disruptions of client request processing.

In some embodiments, the virtualized addresses are stored with sufficient redundancy. A continuous monitoring system may correlate hardware and software status and the hardware identifiers. This allows detection and prediction of failures due to faulty components and manufacturing details. The monitoring system may also enable the proactive transfer of authorities and entities away from impacted devices before failure occurs by removing the component from the critical path in some embodiments.

FIG. 12 is a multiple level block diagram, showing contents of a storage node (1012) and contents of a non-volatile solid state storage (1018) of the storage node (1012) according to some embodiments of the present disclosure. Data may be communicated to and from the storage node (1012) by a network interface controller (NIC) (1202) in some embodiments. Each storage node (1012) may include a CPU (1016), and one or more non-volatile solid state storage (1018), as discussed above. Moving down one level in FIG. 12, each non-volatile solid state storage (1018) may have a relatively fast non-volatile solid state memory, such as NVRAM (1204), and flash memory (1206). In some embodiments, NVRAM (1204) may be a component that does not require program/erase cycles (DRAM, MRAM, PCM), and can be a memory that can support being written vastly more often than the memory is read from. Moving down another level in FIG. 12, the NVRAM (1204) may be implemented in one embodiment as high speed volatile memory, such as DRAM (1216), backed up by an energy reserve (1218). The energy reserve (1218) may provide sufficient electrical power to keep the DRAM (1216) powered long enough for contents to be transferred to the flash memory (1206) in the event of power failure. In some embodiments, the energy reserve (1218) is a capacitor, super-capacitor, battery, or other device, that supplies a suitable supply of energy sufficient to enable the transfer of the contents of DRAM (1216) to a stable storage medium in the case of power loss. The flash memory (1216) may be implemented as multiple flash dies (1222), which may be referred to as packages of flash dies (1222) or an array of flash dies (1222). It should be appreciated that the flash dies (1222) could be packaged in any number of ways, with a single die per package, multiple dies per package (i.e. multichip packages), in hybrid packages, as bare dies on a printed circuit board or other substrate, as encapsulated dies, etc. In the embodiment shown, the non-volatile solid state storage (1018) has a controller (1212) or other processor, and an I/O port (1210) coupled to the controller (1212). The I/O (1210) port may be coupled to the CPU (1016) and/or the network interface controller (1202) of the flash storage node (1012). A flash I/O (1220) port may be coupled to the flash dies (1222), and a DMA (1214) unit may be coupled to the controller (1212), the DRAM (1216), and the flash dies (1222). In the embodiment shown, the I/O (1210) port, controller (1212), DMA unit (1214), and flash I/O (1220) port may be implemented on a programmable logic device (PLD) (1208), e.g., an FPGA. In this embodiment, each flash die (1222) has pages, organized as sixteen kB (kilobyte) pages (1224) and a register (1226) through which data can be written to or read from the flash die (1222). In further embodiments, other types of solid-state memory are used in place of, or in addition to flash memory illustrated within flash die (1222).

Storage clusters, in various embodiments as disclosed herein, can be contrasted with storage arrays in general. The storage nodes (1012) may be part of a collection that creates the storage cluster. Each storage node (1012) may own a slice of data and computing required to provide the data. Multiple storage nodes (1012) can cooperate to store and retrieve the data. Storage memory or storage devices, as used in storage arrays in general, may be less involved with processing and manipulating the data. Storage memory or storage devices in a storage array may receive commands to read, write, or erase data. The storage memory or storage devices in a storage array may not be aware of a larger system in which they are embedded, or what the data means. Storage memory or storage devices in storage arrays can include various types of storage memory, such as RAM, solid state drives, hard disk drives, etc. The non-volatile solid state storage (1018) units described herein may have multiple interfaces active simultaneously and serving multiple purposes. In some embodiments, some of the functionality of a storage node (1012) is shifted into a non-volatile solid state storage (1018) unit, transforming the non-volatile solid state storage (1018) unit into a combination of non-volatile solid state storage (1018) unit and storage node (1012). Placing computing (relative to storage data) into the non-volatile solid state storage (1018) unit places this computing closer to the data itself. The various system embodiments have a hierarchy of storage node layers with different capabilities. By contrast, in a storage array, a controller may own and know everything about all of the data that the controller manages in a shelf or storage devices. In a storage cluster, as described herein, multiple controllers in multiple non-volatile solid state storage (1018) units and/or storage nodes (1012) may cooperate in various ways (e.g., for erasure coding, data sharding, metadata communication and redundancy, storage capacity expansion or contraction, data recovery, and so on).

FIG. 13 illustrates a storage server environment, which may utilize embodiments of the storage nodes and storage units according to some embodiments of the present disclosure. Each storage unit (1352) depicted in FIG. 13 can include a processor (e.g., such as controller (1212 in FIG. 13), an FPGA, RAM (1312), flash memory (1306), and NVRAM (1304) on a PCIe board in a chassis. The storage unit (1352) may be implemented as a single board containing storage, and may be the largest tolerable failure domain inside the chassis. In some embodiments, up to two storage units (1352) may fail and the device will continue with no data loss.

The physical storage may be divided into named regions based on application usage in some embodiments. The NVRAM (1304) may be a contiguous block of reserved memory in the storage unit (1352) DRAM that is backed by NAND flash. The NVRAM (1304) may be logically divided into multiple memory regions written for two as spool (e.g., spool region). Space within the NVRAM (1352) spools may be managed by each authority independently. Each device can provide an amount of storage space to each authority. That authority can further manage lifetimes and allocations within that space. Examples of a spool include distributed transactions or notions. When the primary power to a storage unit (1352) fails, onboard super-capacitors can provide a short duration of power hold up. During this holdup interval, the contents of the NVRAM (1304) may be flushed to flash memory (1306). On the next power-on, the contents of the NVRAM (1304) may be recovered from the flash memory (1306).

As for the storage unit controller, the responsibility of the logical “controller” may be distributed across each of the blades containing authorities. This distribution of logical control is shown in FIG. 13 as a host controller (1302), a mid-tier controller (1308), and one or more storage unit controller (1310). Management of the control plane and the storage plane are treated independently, although parts may be physically co-located on the same blade. Each authority can effectively serve as an independent controller. Each authority can provide its own data and metadata structures, its own background workers, and maintains its own lifecycle.

FIG. 14 illustrates a blade (1402) hardware block diagram according to some embodiments of the present disclosure. The example depicted in FIG. 14 includes a control plane (1404), a compute plane (1406), a storage plane (1408), and authorities (1410) interacting with underlying physical resources, using embodiments of the storage nodes, non-volatile solid state storage, storage units, or any combination thereof. The control plane (1404) may be partitioned into a number of authorities (1410) which can use the compute resources in the compute plane (1406) to run on any of the blades (1402). The storage plane (1408) may be partitioned into a set of devices, each of which provides access to flash (1412) and NVRAM (1414) resources.

In the compute plane (1406) and storage planes (1408), the authorities (1410) may interact with the underlying physical resources (i.e., devices). From the point of view of an authority (1410), its resources may be striped over multiple the physical devices. From the point of view of a device, it provides resources to multiple authorities (1410), irrespective of where the authorities happen to run. In order to communicate and represent the ownership of an authority (1410), including the right to record persistent changes on behalf of that authority (1410), the authority (1410) may provide some evidence of authority ownership that can be independently verifiable. A token, for example, may be employed for this purpose and function in one embodiment.

Each authority (1410) may have allocated or have been allocated one or more partitions (1416) of storage memory in the storage units, e.g. partitions (1416) in flash memory (1412) and NVRAM (1414). Each authority (1410) may use those allocated partitions (1416) that belong to it, for writing or reading user data. Authorities can be associated with differing amounts of physical storage of the system. For example, one authority (1410) could have a larger number of partitions (1416) or larger sized partitions (1416) in one or more storage units than one or more other authority (1410).

Readers will appreciate that although the example methods described above are depicted in a way where a series of steps occurs in a particular order, no particular ordering of the steps is required unless explicitly stated. Example embodiments of the present disclosure are described largely in the context of a fully functional computer system for on-demand content filtering of snapshots. Readers of skill in the art will recognize, however, that the present disclosure also may be embodied in a computer program product disposed upon computer readable storage media for use with any suitable data processing system. Such computer readable storage media may be any storage medium for machine-readable information, including magnetic media, optical media, or other suitable media. Examples of such media include magnetic disks in hard drives or diskettes, compact disks for optical drives, magnetic tape, and others as will occur to those of skill in the art. Persons skilled in the art will immediately recognize that any computer system having suitable programming means will be capable of executing the steps of the method of the disclosure as embodied in a computer program product. Persons skilled in the art will recognize also that, although some of the example embodiments described in this specification are oriented to software installed and executing on computer hardware, nevertheless, alternative embodiments implemented as firmware or as hardware are well within the scope of the present disclosure. In fact, embodiments may include a system, a method, a computer program product, or others. The computer program product may include a computer readable storage medium (or media) having computer readable program instructions thereon for causing a processor to carry out aspects of the present disclosure.

The computer readable storage medium can be a tangible device that can retain and store instructions for use by an instruction execution device. The computer readable storage medium may be, for example, but is not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. A non-exhaustive list of more specific examples of the computer readable storage medium includes the following: a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), a static random access memory (SRAM), a portable compact disc read-only memory (CD-ROM), a digital versatile disk (DVD), a memory stick, a floppy disk, a mechanically encoded device such as punch-cards or raised structures in a groove having instructions recorded thereon, and any suitable combination of the foregoing. A computer readable storage medium, as used herein, is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire.

Computer readable program instructions described herein can be downloaded to respective computing/processing devices from a computer readable storage medium or to an external computer or external storage device via a network, for example, the Internet, a local area network, a wide area network and/or a wireless network. The network may comprise copper transmission cables, optical transmission fibers, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. A network adapter card or network interface in each computing/processing device receives computer readable program instructions from the network and forwards the computer readable program instructions for storage in a computer readable storage medium within the respective computing/processing device.

Computer readable program instructions for carrying out operations of the present disclosure may be assembler instructions, instruction-set-architecture (ISA) instructions, machine instructions, machine dependent instructions, microcode, firmware instructions, state-setting data, or either source code or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C++ or the like, and conventional procedural programming languages, such as the “C” programming language or similar programming languages. The computer readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider). In some embodiments, electronic circuitry including, for example, programmable logic circuitry, field-programmable gate arrays (FPGA), or programmable logic arrays (PLA) may execute the computer readable program instructions by utilizing state information of the computer readable program instructions to personalize the electronic circuitry, in order to perform aspects of the present disclosure.

Aspects of the present disclosure are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer readable program instructions.

These computer readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer readable program instructions may also be stored in a computer readable storage medium that can direct a computer, a programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer readable storage medium having instructions stored therein comprises an article of manufacture including instructions which implement aspects of the function/act specified in the flowchart and/or block diagram block or blocks.

The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other device to cause a series of operational steps to be performed on the computer, other programmable apparatus or other device to produce a computer implemented process, such that the instructions which execute on the computer, other programmable apparatus, or other device implement the functions/acts specified in the flowchart and/or block diagram block or blocks.

The flowchart and block diagrams in the Figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts or carry out combinations of special purpose hardware and computer instructions.

Readers will appreciate that the steps described herein may be carried out in a variety ways and that no particular ordering is required. It will be further understood from the foregoing description that modifications and changes may be made in various embodiments of the present disclosure without departing from its true spirit. The descriptions in this specification are for purposes of illustration only and are not to be construed in a limiting sense. The scope of the present disclosure is limited only by the language of the following claims. 

What is claimed is:
 1. A method of on-demand content filtering of snapshots within a storage system, the method comprising: associating an access policy with a stored snapshot, the access policy specifying a transformation to apply to a predefined data object, wherein the stored snapshot is a copy of data in the storage system at a particular point in time; receiving, by the storage system, a first request to access a portion of the stored snapshot; and responsive to receiving the first request: creating a transformed snapshot portion by applying the transformation specified in the access policy to one or more data objects contained within the portion of the stored snapshot; and presenting the transformed snapshot portion.
 2. The method of claim 1 wherein creating the transformed snapshot portion further comprises: identifying the one or more data objects within the portion of the stored snapshot as matching the predefined data object specified in the access policy; and creating modified versions of the one or more data objects within the portion of the stored snapshot.
 3. The method of claim 1 further comprising storing, within the storage system, the transformed snapshot portion.
 4. The method of claim 3 wherein storing the transformed snapshot portion further comprises storing, within the storage system, modified versions of the one or more data objects within the portion of the stored snapshot, without storing, within the storage system, an additional copy of data objects within the other portions of the snapshot.
 5. The method of claim 3 further comprising: receiving a second request to access the portion of the stored snapshot; and in response to receiving the second request to access the portion the stored snapshot, presenting the transformed snapshot portion stored within the storage system.
 6. The method of claim 1 wherein the access policy indicates types of information that are to be made inaccessible.
 7. The method of claim 1 wherein applying the transformation specified in the access policy to a data object contained within the portion of the stored snapshot further comprises masking types of information that are to be made inaccessible.
 8. An apparatus for on-demand content filtering of snapshots within a storage system, the apparatus comprising a computer processor, a computer memory operatively coupled to the computer processor, the computer memory having disposed within it computer program instructions that, when executed by the computer processor, cause the apparatus to carry out the steps of: associating an access policy with a stored snapshot, the access policy specifying a transformation to apply to a predefined data object, wherein the stored snapshot is a copy of data in the storage system at a particular point in time; receiving, by the storage system, a first request to access a portion of the stored snapshot; and responsive to receiving the first request: creating a transformed snapshot portion by applying the transformation specified in the access policy to one or more data objects contained within the portion of the stored snapshot; and presenting the transformed snapshot portion.
 9. The apparatus of claim 8 wherein creating the transformed snapshot portion further comprises: identifying the one or more data objects within the portion of the stored snapshot as matching the predefined data object specified in the access policy; and creating modified versions of the one or more data objects within the portion of the stored snapshot.
 10. The apparatus of claim 8 further comprising computer program instructions that, when executed by the computer processor, cause the apparatus to carry out the step of storing, within the storage system, the transformed snapshot portion.
 11. The apparatus of claim 10 wherein storing the transformed snapshot portion further comprises storing, within the storage system, modified versions of the one or more data objects within the portion of the stored snapshot, without storing, within the storage system, an additional copy of data objects within the other portions of the stored snapshot.
 12. The apparatus of claim 10 further comprising computer program instructions that, when executed by the computer processor, cause the apparatus to carry out the steps of: receiving a second request to access the portion of the stored snapshot; and in response to receiving the second request to access the portion of the stored snapshot, presenting the transformed snapshot portion stored within the storage system.
 13. The apparatus of claim 8 wherein the access policy indicates types of information that are to be made inaccessible.
 14. The apparatus of claim 8 wherein applying the transformation specified in the access policy to a data object contained within the portion of the stored snapshot further comprises masking types of information that are to be made inaccessible.
 15. A storage system that includes a plurality of storage devices, the storage system including a computer processor and a computer memory, the computer memory including computer program instructions that, when executed by the computer processor, cause the computer processor to carry out the steps of: associating an access policy with a stored snapshot, the access policy specifying a transformation to apply to a predefined data object, wherein the stored snapshot is a copy of data in the storage system at a particular point in time; receiving, by the storage system, a first request to access a portion of the stored snapshot; and responsive to receiving the first request: creating a transformed snapshot portion by applying the transformation specified in the access policy to one or more data objects contained within the portion of the stored snapshot; and presenting the transformed snapshot portion.
 16. The storage system of claim 15 wherein creating the transformed snapshot portion further comprises: identifying the one or more data objects within the portion of the stored snapshot as matching the predefined data object specified in the access policy; and creating modified versions of the one or more data objects within the portion of the stored snapshot.
 17. The storage system of claim 15 further comprising computer program instructions that, when executed by the computer processor, cause the computer processor to carry out the step of storing, within the storage system, the transformed snapshot portion.
 18. The storage system of claim 17 wherein storing the transformed snapshot portion further comprises storing, within the storage system, modified versions of the one or more data objects within the portion of the stored snapshot, without storing, within the storage system, an additional copy of data objects within the other portions of the stored snapshot.
 19. The storage system of claim 17 further comprising computer program instructions that, when executed by the computer processor, cause the computer processor to carry out the steps of: receiving a second request to access the portion of the stored snapshot; and in response to receiving the second request to access the portion the stored snapshot, presenting the transformed snapshot portion stored within the storage system.
 20. The storage system of claim 15 wherein the access policy indicates types of information that are to be made inaccessible. 